An article in today’s Compliance Week, Koss Fraud Spotlights Small Filers’ Internal Control Issues (subscription required), quotes me on internal controls and the auditors as it relates to the huge fraud committed by VP of Finance Sue Sachdeva at Koss Corp (NASDAQ:KOSS).
I’m no fan of Sarbanes-Oxley because I believe it was ridiculously expensive, and hasn’t really produced any meaningful results. Fraud is just as rampant as before SOX became law, and the only thing companies have to show for it is a huge bill from auditors and consultants.
But let’s suppose for a minute that SOX really is a good thing because it forces companies to take a harder look at internal controls. As a small public company, Koss wasn’t yet subject to audits of their internal controls.
As a public company with a market cap well below $75 million, Koss is a non-accelerated filer and therefore not yet subject to Section 404(b) of the Sarbanes-Oxley Act, which requires an external auditor’s review of internal controls over financial reporting. The company must perform its own review of controls and assert in its financial statements whether those controls are adequate (that is Section 404(a) of SOX), but they are not required to get an auditor’s opinion on those controls.
My comments on the internal controls and Grant Thornton’s work:
Tracy Coenen, a forensic accountant and fraud examiner at Sequence Inc. who has been following the Koss spectacle closely, notes that Koss had no formal internal audit function, and that certainly could have been a red flag to Grant Thornton that the quality of controls would be suspect. But there’s no way to know from publicly available documentation what the auditor thought of Koss’s controls.
Coenen says the audit fees Koss paid to Grant Thornton were low enough ($151,300 in fiscal 2009 but only $71,400 in 2008) that one can’t help but wonder how much audit work actually occurred. Kyviakidis, on the other hand, says auditors have enough pressure about fees and legal liability these days that the amount paid may not reflect the amount of work that truly went into the audit.
Even if Grant Thornton had been required to take a harder look at the internal controls at Koss, I doubt that the fraud committed by Sachdeva would have been discovered sooner. Maybe it would have. But that’s not a foregone conclusion. Sachdeva likely knew exactly what the auditors were looking for each year, and hid her fraud accordingly.
This is a great time to talk about internal controls over fraud by executives. It’s certainly an issue that needs to be visited by all companies. It certainly is a huge problem, but I’ve always said that the problem of fraud is not going to be solved by regulations. It’s going to be solved by companies being proactive about preventing and detecting fraud. Shareholders and management need to force the issue so that companies are “encouraged” to police the issue of fraud by executives and make substantive changes that reduce the fraud risks and fraud losses.